Tag: Hack

Facebook published this October 12, 2018 an update on the attack that we presented to you just about two weeks ago in an article titled Facebook Hack – Over 90 Million Accounts Affected. Is Your Facebook Account Affected?. The attack exploited the access tokens “stolen” via a vulnerability in Facebook’s View As feature. The vulnerability was then used to compromise what was initially estimated as 50 million Facebook accounts and that caused Facebook to reset close to 90 million accounts access tokens.

The Update In A Nutshell

Facebook has narrowed down the number of compromised accounts to 30 million which are grouped in three different categories. Facebook will inform the members of each category about what type and amount of information was compromised for individual users via a notification in the user’s timeline. In their update, Facebook provides the scope of the attack:

The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information. People can check whether they were affected by visiting our Help Center.

The featured image of this article is the mockup of what the notifications are supposed to look like. Please go to Facebook’s newsroom for a detailed article providing the October 12, 2018 update.

What Do You Need To Do?

Facebook is collaborating with security agencies around the world including the FBI and the Irish Data Protection Commission to narrow down who the attackers are and what their intents are. Meanwhile, please beware of any email, phone calls, or other tactics that could be used to scam you via social engineering as the attackers start using the information they stole from your profile or those of your friends or friends’ friends on Facebook. Do you give away personal information unless you can ascertain you know who you are talking to and why you are giving away personal information. You will most likely need to maintain this level of alert for the next several years depending on what information about your or your connections was compromised.

If you have questions of information about the attack, please post them in the comment section of this article, but you can find most questions and answers currently available as part of this press call transcript published by Facebook.

Facebook just published a Security Update about a major Security Breach that exploited the View As feature and other code modifications done to Facebook in July 2017.
Read up more on this hack and take any necessary steps like logging out of your account and logging back in. Facebook’s announcement claims that you do not need to change your password, but if you really have not changed it in a while, take the opportunity and do it. Also consider adding two-step authentication while you are at it.

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

Updates as of September 28 2018, 4:37 PM CST:

We have updated the title of this article to read over 90 Millions instead of 50 Millions as initially posted.

In an article published after our initial post, Brian Krebs wrote that he heard back from Facebook after he asked them whether the stolen tokens could be used to log into other sites that the users had logged into using their Facebook accounts. Krebs reports:

“A Facebook spokesperson confirmed that while it was technically possible that an attacker could have abused this bug to target third-party apps and sites that use Facebook logins, the company doesn’t have any evidence so far that this has happened.

“We have invalidated data access for third-party apps for the affected individuals,” the spokesperson said, referring to the 90 million account that were forcibly logged out today and presented with a notification about the incident at the top of their feed.”

Also, Krebs did mention in his article a very important Facebook feature to be aware of:

More importantly, it’s a good idea for all Facebook users to review their login activity. This page should let you view which devices are logged in to your account and approximately where in the world those devices are at the moment. That page also has an option to force a simultaneous logout of all devices connected to your account.

In one more of these wonderful scripts that can do crazy things, philastokes from APPLEWRITERHELPER, has handed you the keys to the kingdom. With this simple script, you can find our the last time the passwords for a set number of users was changed on a Mac running OS. And that right from your Terminal.

Sometimes it can be useful to know when the user’s password was last changed. For example, you might want to enforce a policy of having users (or yourself!) change login passwords after a given period. Alternatively, if you or one of your users is experiencing login difficulties, you might want to check that the password […]

#one liner command line to get last password set times for all users on the mac

To have any events logged in here, you have to at least have these things in place:

You must be running the Windows Feature AppServer (Terminal Services Application Server)

The specified logs must be enabled.

With these conditions in place, these logs show give you the user names and computer names of all Remote Desktop sessions that have taken place between your computer and other client devices for a certain duration of time. Of course the length of the log depends on the properties you have set for the logs (e.g. Enabled logging, Maximum log size, what to do when maximum event log size is reached, etc.).

Please note that these logs can also be used to diagnose and troubleshoot RDS sessions that disconnect in an apparently random way.

One other place you can check is your Event Viewer > Windows Logs > Security which should have audit log of successful and failed logons if you had activated the “Audit logon events” in Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy snap-in.

Finally, a rather simple way you can go about it is by using the command line as an administrator and typing the following command (more about it at the Windows Command Line reference below):

net user username | findstr /B /C:"Last logon"

Do you know of any other ways to achieve this audit? Please let us know in the comment section.

Uber has suffered a data breach a year ago, and the address and email information of 57 million people were stolen. Uber paid off the hackers who then supposedly deleted the data, but that cannot be confirmed.

Watch out for phishing emails related to this Uber data theft, for instance that your “Uber account was compromised” and that you need to change your password, or anything else related to Uber that could be suspicious.

Never click on a link in an email for situations like these, always go to the website yourself through your browser’s address bar or a bookmark you have set earlier.

Remember, Think Before You Click!

Get Wisdom & Undersanding

By this the love of God is revealed in us: that God has sent his one and only Son into the world so that we may live through Him.

In this is love: not that we have loved God, but that he loved us and sent his Son to be the atoning sacrifice for our sins. 1 John 4:9-10

DISCLAIMER: USE OUR SITE AT YOUR OWN RISK

Anything we suggest here is of good faith and is to be taken as a mere piece of information for you to take or not take. You are not bound to use any of our insights. Just to be clear: you assume all responsibility for anything you do; we are not liable for anything that should go wrong. Should all go well, please recommend us to your friends.